Directory Traversal Vulnerability in Automation License Manager by Siemens
CVE-2018-11455

8.8HIGH

Key Information:

Vendor

Siemens
Status
Automation License Manager 5, Automation License Manager 6
Vendor
CVE Published:
7 August 2018

What is CVE-2018-11455?

A directory traversal vulnerability exists in Siemens Automation License Manager affecting specific versions. This weakness allows an unauthorized remote attacker to access arbitrary files on the system, potentially leading to code execution. The attack requires network access to the affected system and necessitates user interaction, eliminating the need for privileged status or unique conditions. Ensuring that systems are updated to the corrected versions is essential to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Automation License Manager 5, Automation License Manager 6 Automation License Manager 5 : All versions < 5.3.4.4 < Automation License Manager 5 : All versions 5.3.4.4

Automation License Manager 5, Automation License Manager 6 Automation License Manager 6 : All versions < 6.0.1 < Automation License Manager 6 : All versions 6.0.1

References

http://www.securityfocus.com/bid/105114
vdb-entryx_refsource_BID
https://cert-portal.siemens.com/productcert/pdf/ssa-92096...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.